The CRTC has made a very important, and surprising, ruling on the state of usage based billing on wholesale ISP's in Canada. While this actually won't affect most people reading this, it is a pretty important and precedent setting ruling. The most surprising thing about the ruling? The fact that it is actually pro-consumer, not pro-big business.

UPDATED: see the bottom of the post for an update

To keep it simple, the CRTC has ruled that Bell cannot charge wholesale ISP's based on how much data moves through the network. Bell can, however, charge based on speed of the connection. As a quick reminder, wholesale ISP's are smaller, often local ISPs that do not have their own network. They lease space from large ISP's such as Bell, and resell that service to consumers. So while this ruling does not affect the consumer directly, this will have an impact in the long run.

I made the point months ago that charging wholesale ISP's, or even regular users, on a usage based billing system that puts a limit on how much data a user can download each month makes zero sense. I won't go back into it, but you can find the previous posts from January 2011 and on on this site that will explain all of it. The nuts and bolts are that the true cost to the ISP is not how much data moves through a connection, but how fast the connection actually is. Data is a nearly infinite resource; I'm creating data typing this post right now. But how fast you can get that data is limited, and it does cost ISP's more to offer faster connections.

In a nutshell, with this ruling are that the CRTC has seen the truth to this argument, and has said that Bell can charge wholesale ISP's more for a bigger, faster connection, but not for how much data moves through. This is a very fair ruling as it does reflect the true cost of internet service. Wholesale ISP's should be charged more to lease more bandwidth (the actually term for the speed of the connection) from Bell, as that really is where the cost is. I don't think you'll find many rational arguments against that, as it is fair for everyone.

Why this is important is that it is precedent setting. Since Bell can't do it, It will be nearly impossible for Rogers, Telus or Shaw to charge wholesale ISP's on usage based billing now as well. It also means that there is a stronger argument for the general consumer should not be subject to usage based billing. If large ISP's can't do it for their wholesale customers, why should the general consumer face that type of restriction. I have always been a proponent of this, and this does give another bullet in the chamber for the groups that are lobbying for it.

The last thing I will say is that I'm very surprised at the ruling, in a good way. The CRTC very rarely makes consumer friendly rulings of this magnitude. Traditionally it has catered to larger businesses. This ruling helps small businesses the most, but will have a long term positive impact on the state of internet and content delivery in Canada. There are many CRTC rules which I think are so anti-consumer they hurt more than they help (simulcasting sports broadcasting is my favourite example), but this ruling is a surprising breath of fresh air, and a very welcome one.

UPDATE: Since the posting of this article some new news and clarifications have come out. I have also included links to the original article, as well as the two new articles for this update below.

The Canadian Association of Internet Providers (can no one come up with better names for these types of organizations?) has come out against the ruling, saying that it will drive up costs for consumers who subscribe to those wholesale ISP's, since those who want faster connections will likely have to pay more. Now, this actually may be true, but then that will make those ISP's and customers of those ISP's on a similar playing field that customers on Bell, Rogers, Telus and Shaw are. They may even be in a better position because there does not have to be a data limit on their plans, like the larger ISP's have chosen to impliment.

The rhetoric is quite funny. The large ISP's are unhappy because they wanted to implement usage based billing on the smaller ISP's in an effort to make more money. Small ISP's are unhappy because they don't like the prospect of having to pay more to the larger ISP's in any way. Usually, when both sides of the business are unhappy, that is generally a good thing for the consumer. I know that there is a possibility that a consumer using a small ISP will have to pay a bit more, however the deal remains fair to all sides, and does accurately reflect the real cost of delivering internet.

There has also been an update on exactly how the wholesale ISP's will have to pay for their connection speed. According to Ars Technica, the Large ISP's will have two methods to charge the wholesale providers. They can either charge a flat rate, or force the small ISP to pay up front at the beginning of the month for however much capacity they want/need for that month. That is something I personally don't like, because having to pay ahead of time will lead to guess work. If the ISP pays for too much capacity, they will pay for more than what they need and end up paying more than they need to. If they buy too little, it will cause congestion for their customers and slow down their internet. this is not a good situation for the wholesale ISP's and one that they are likely going to have a difficult time handling. You will likely see them having to pay for far more than what they usually need on a given month, especially in the beginning, to ensure there is no drop off in capacity. what I would have liked to have seen is for the wholesale ISP's use what they need in a given month, and then pay the large ISP's the appropriate amount. No more, no less. This would have been a much more fair deal for those small wholesale ISPs.

On April 20th, Shaw increased the bandwidth speed on their high speed extreme from 15Mbps to 25Mbps. They have done this after a lengthy customer consultation spanning the month of February over the concept of Usage Based Billing.
I’ve been thinking about this off and on since I heard about the increase, and even though I’m all for an upgrade in service to users; I quite frankly have no idea what to think, or what to say. This does not make sense at all. I don’t’ know where to begin, so hopefully I’ll get this off without too much ramble.

During the customer consultation session I attended, and reading from the notes of other consultations, Shaw’s message seemed clear. Shaw wanted to put usage based billing into place because the company claimed that during peak hours there was too much congestion on the network, and the hope was that usage based billing would serve to lower the usage of heavy users, as well as help offset the costs of doing node splits, which increase the capacity and reduce the congestion on the network.

I, along with many other people, have explained almost to nauseam that this Usage Based Billing does not solve Shaw’s real problem. You can find more info here, but to put it simply, amount of data and rate of speed are two completely different things. And charging for the amount of data does not fix the problems related to rate of speed. Shaw’s capacity is related to the rate of speed they can provide to its users, not how much data goes through. The cost of 1 gigabyte of data is roughly the same, no matter how fast a user gets it. The real cost, and where the capacity issues are, is in how quickly Shaw can provide the user with that gigabyte of data.

This is why I quite frankly don’t understand this move by Shaw. If there is that much congestion on the network, why would they do something that would only increase the congestion? During the consultation session we were told that most new customers choose the Shaw high speed extreme package, and that that package makes up a good portion of users at this time. If there is this much congestion, why would Shaw take a move that would only make it worse?

Now, I do have a couple of theories on this. I will only share the one that I feel is most likely, for reasons that I will share at the end of this article.

What I think is most likely is that Shaw is trying to match Telus’ offerings in the Internet space, at least on paper. Telus Optik High Speed Turbo Internet, which is currently the company’s fastest offering, tops out at the same 25 Mbps. This puts each offering from the company at roughly the same price, within $1-2/month. Perhaps Shaw simply saw that Telus offered a similar product at a better price, and needed to move to match it.

If this is the case, this is likely a worst case scenario for Shaw. If they are truly facing the congestion issues they say they are, increasing the congestion to match the competition is likely something they did not want to do. Shaw is already struggling to meet advertised speeds during peak hours in dense urban areas, and increasing the cap will only make that worse. My fear is that this will drive Shaw to re-introduce a Usage Based Billing model to recover the costs of more node splits to try to handle the increased congestion. Perhaps Shaw is increasing the speed for that purpose exactly. If congestion becomes more evident, it becomes easier for Shaw to take measures it says will help decrease that congestion.

As I began writing this article, I mused that it was difficult to write when I really had little information. A Shaw representative reached out to me, and provided the following statement: “We are always looking for ways to improve the Shaw Internet experience for our customers. The Shaw extreme upgrades are the first step, and we look forward to sharing more details late May/Early June.” The representative did also say that more information will be coming next week. Based on that, I think I am going to reserve any more speculation or judgment to what I have already said, and wait for more news to come.

I still truly have no idea what’s coming from Shaw. I have guesses that I’m going to keep quiet, because I don’t want to wildly speculate. I can only assume that this is the first step after the consultation sessions, it just seems to myself, and many other observers I have talked to, to be exactly the opposite of what they were trying to accomplish. It will be very interesting to see what happens next.

On April 20th, the PlayStation Network (PSN) went offline for “maintenance.” Here we are, on April 26th as I write this, and it is still down. A lot has happened in the last two days regarding information as to what has happened, and the answers we are getting are, to be frank, frightening.
To put it bluntly, if you own a PlayStation 3 (PS3) or a PlayStation Portable (PSP), and have created a PSN account to use online features, buy games online, etc, a good majority if your personal information has been compromised. The list of what has been compromised is below:

· Name

· Address

· Billing Address

· Country

· Birthdate

· Email address

· PSN login name and password

· Password security answers

· Purchase history

None of that is good, but the two bolded items are especially scary. I will get to that in a bit.

Sony has stated that this information was obtained during an “illegal and unauthorized intrusion into our network” that occurred between April 17th and 19th. Sony also states that while there is no evidence any Credit Card numbers or information has been compromised, they cannot rule out that possibility.

I’m not usually one to blow on a trumpet and say “this is scary” for a hack into a corporate network, it happens a lot more often than people realize. But this particular attack is frightening, for several reasons.

The first is that the attackers were able to obtain the actual user passwords. Anyone who has any knowledge of computer security whatsoever knows that one of the most basic principles of security is that passwords are stored in what is called a hash, which is a type of storage which is useless to anyone looking at it. A password would be stored as a series of random letters and numbers which cannot be reverse engineered to what the actual password is, as each hash is unique. To put it simply, if Sony had put the passwords in any secure matter whatsoever there would be no chance at all that they could have been compromised.

If you are a person who uses the same password for every account, this means that you should, right now, go and change your password for every other online service you use. I’m not kidding here. I’ll even wait for you to do it before I continue this post…….

Ok, now that that’s done, the second item, which could actually be worse, is that password security answers have been compromised. Those are the answers to the questions that you have to answer when you forget your password, the questions like “what is your mother’s maiden name?” or “what was your first pet’s name.” Having the answers to these questions doesn’t’ affect your PSN account, since they have your password anyway, but this means that even if you change it they have the answers to the questions that would let them change it again. And again, if you have used the same questions and answers to any other service, the potential exists for the attackers to compromise your passwords on other accounts, and again, even if you change the passwords, they can use these answers to get the new password.

Changing your security questions is likely harder than changing your password, but in the case of this breach, it is as important, if not more important than, changing those as well.

Again, Sony does say that there is no evidence that actual Credit Card numbers have been compromised, but that possibility does exist. I wouldn’t say you need to cancel your credit card associated with your PSN account right now, I’m not, but I will be watching it like a hawk for the foreseeable future.

Where does that leave us? Well this is a pretty significant breach, and one of those events that really should make everyone take a step back and think about their online presence, and how they protect themselves. The attackers in this case have more than enough information to steal a person’s identity, and potentially the ability to compromise every online account you have, possibly even an online bank account login. There’s really no way to sugar coat that, they have the info, it’s possible.

Now, honestly, the part I’m least worried about here is the possibility of identity theft. That may seem odd, but to be totally honest, if someone really wanted to get the information needed to steal my identity, it’s probably all on the internet anyway. Sure, this packages it up nicely for the attackers, but I’m 100% sure that I have, at least once, posted every bit of information needed. Does that scare me? When I write it out like I just did and really realize it, it kind of does. Do I worry? A bit, but not as much as I thought I would. It’s no different than if I, say, lost my wallet, or if someone intercepted my mail. If someone really wants to steal my identity, they’re going to do it, regardless of any safeguards I take.

What really worries me is the fact that Sony was apparently so careless with user passwords. I am simply at a loss for words as to how this attack could have compromised actual user passwords. At my workplace, I have administrative access to every computer, server, and bit of information in the entire company. But there is physically no way for me to tell what someone’s actual password is. Sure, I can create a new password for someone when they forget theirs, but there is physically no way for me to find out what their current password is. The fact that the PSN is apparently not set up in the same matter is one of the most careless security practices I have ever heard of.

I have personally changed my password on every service I remember I’ve signed up for that may use that password. A few services, like my banking website and my primary email address, use completely different passwords that cannot be obtained through any part of this attack, should be safe, but I’m still a bit worried about them. But what about “random online service” that I signed up for 2 years ago that I absolutely cannot remember? If it used the same password that was on my PSN account, that account is compromised, and it’s possible that I could have personal information on those accounts that may be able to compromise me further. This attack has made me realize that I need to write down every online service I’m signed up for, not the passwords, maybe not even the usernames, but just the service so I know where I have accounts that have the potential to be compromised, because I am at risk here, and the fault is Sony’s.

As I’ve said above, I’m not usually one to panic when I hear about a company getting attacked and some information getting compromised, because most of that information is likely somewhere to be stolen anyway. But the severity of this attack is alarming, and has eroded almost all of the trust I had in Sony has a company. Am I going to throw my PS3 out? No. but I’m going to think long and hard about ever giving my Credit Card information to that company ever again. Sony had my trust, and they have now lost it. I’m not sure if they will ever be able to get it back.

Below are links to the articles I used in my post, including the official statement from Sony on the PlayStation Blog

Today was my day to participate in the Shaw customer discussions on Internet billing. It was a 2 hour session that turned into 3 hours, followed by coffee with a couple people. I will be posting a lot more about this in the coming days, but for tonight I just wanted to get out some quick bullet points.

Overall I was impressed with the atmosphere and tone. The representatives from Shaw were talking to us, not at us, and welcomed discussions and questions

There was a lot of discussions, but not many answers. For every question that was asked by an attendee, it seems that there was a question from a Shaw representative. I understand that this was to try to gather more ideas and information, but did get a tad frustrating.

It really seems like Shaw does not know what the endgame here will be. The representative I spent most of my time talking to spoke at great length about how the customer backlash to the UBB plans was much more than they ever thought, and that it really did cause them to pause.

The Shaw representatives did take a fair amount of notes, cataloging almost every idea that was tossed around. One employee collected all of the notes taken so they can be transcribed

The general feeling in the room was very anti UBB, but I do think that more fair ideas were presented.

The tone of most attendees was much less confrontational that I thought it would be, I think because the Shaw representatives were very open and willing to listen.

After coming out of the meeting, I don’t know what the endgame to this entire process will be. That is not necessarily a bad thing, but for all the discussions I did not leave with many answers.

the graphs were hilarious, and not in a good way.

there is a lot more to come. I took six pages of notes that I need to re-read and organize into something I can actually post here. I also have to filter out what I should, and am willing to post. I will try to get the full breakdown and insight into the discussions up as soon as possible, but it's after 11 and I need to go to sleep. On a personal note I’m getting a root canal Tuesday afternoon, so getting the post up Tuesday will be entirely dependent on how I feel and how medicated I am. You have no idea how much I'm looking forward to that.

There has been a lot of confusion over Usage Based Billing over the past few weeks. There has been much debate on both sides of this issue. Unfortunately, much of this debate is being had by people who do not understand the technology behind the concept. I do not claim to be an expert, but I do believe that I can help clarify some of the confusion that has been so clear over the past few weeks. Once again, I will mainly use Shaw as my example. This is only because I personally have Shaw as my provider, and I have the most experience with them. I am not trying to single Shaw out, as what I am going to talk about here is true for all Internet Service Providers.
First off, nearly everyone who has talked about this story has been using the term “bandwidth cap.” I myself am included in this. Many people have been doing this because it makes it easier for most people to understand, and keeps some confusing terms and technology out of the discussion. I need to clarify two things to make the rest of what I’m saying make a little more sense.

The term “bandwidth” does not actually have anything to do with the limits being put in place by the ISP’s such as Shaw. Bandwidth is the term used to describe how fast your internet connection is. Shaw’s high speed plan provides a bandwidth of 7.5 megabits per second (Mbps). This means that a user can download files, videos, music, etc, at a maximum speed of 937 KiloBytes (KB) per second; or just under 1 MegaByte per second. The High Speed Extreme plan is twice that speed. The bandwidth that Shaw provides allows for faster downloads.

What I, and many others, have been calling the “bandwidth cap” until this point is actually a data transfer limit. This limit governs how much data you can transfer, not how fast you can download it. The limit on Shaw High Speed is 60GB per billing cycle, while for High Speed Extreme allows for 100GB per billing cycle. This data transfer limit has no bearing at all on how fast you can download that data, which is your Bandwidth.

Wait, what?

To put it simply, data limits are how much you can download, and your available bandwidth is how fast you can download it. At the end it’s pretty simple, but it’s been misrepresented to this point. This should hopefully make my next explanation a little easier to understand.

Networks that have been built by ISP’s are very complex. Much too complex for me to really talk about in detail here. Shaw, Bell, Telus, Rogers all spend considerable amounts of money to build out and upgrade their networks. This point is fact, and it can’t be disputed. I won’t even try, because that they do spend that money for the upgrades is, in the long run, better for Canadians. This is good, and something that we want to continue.

This brings us back to the bandwidth vs. data limits discussion. What the ISP’s spend money on to upgrade their networks is mostly about the ability to increase available bandwidth. The infrastructure is upgraded to allow for faster data transfers. Now, this doesn’t mean just for you. Part of the investment is for the “backbone” network, which is where the bulk of data is carried. When you load a website based in Europe, the BBC for example, that website comes through a cable that literally runs through the bottom of the Atlantic Ocean, and then runs across North America to its destination. The upgrades that ISP’s, as well as the major “backbone” providers that most of the public has never heard of, to allow for faster transfers. Again, this is good for consumers, and is something that we want to continue to further expand what users can do on the internet. The investment that the ISP’s make have allowed for improved speed on our internet in the past 10 years.

Now we talk about data transfer. I’ll just get this out of the way first. Data transfer over that network is not free. However, it is much closer to free than most know. All large ISP’s have contracts or agreements with each other to allow traffic to flow from one ISP’s network to another. This is how someone on a Shaw or Bell computer can read this website, which is hosted by a provider in the United States. These agreements are called peering agreements, which is actually at its core a very simple thing. Taking the example of Shaw and Bell, a peering agreement is where they build a connection between their two networks that allows data to be transferred between them. If the overall data transfer is anywhere close to equal between both sides, most times no money changes hands, since the cost would end up being equal for both sides anyway. In cases where the data transfer is not equal, the party with lesser traffic may have to pay for that connectivity. However, the sheer scale of traffic that is transferred between ISP’s means that in most cases, no money does change hands.

Where money often does change hands is in an IP transit agreement. This type of agreement is where a provider such as Shaw does not have direct access to another provider’s network, i.e. one in the United Kingdom. In this case, Shaw would have to pay an IP Transit provider so traffic can get from Shaw’s network to the United Kingdom and vice-versa.

My understanding from communicating with people who do have direct knowledge on this is that the cost to deliver 1GB of data to a customer is 1-3 cents. This means that at most, on a 60GB/month plan the actual cost to deliver 60GB to the user is at most $1.80.

There is a fantastic write up that goes into more detail about peering agreements and how much it costs for data transfer here. I encourage you to read it to get a more detailed grasp on this concept.

Now, the 1-3 cents/GB does not include costs like network maintenance, labour, etc. There is a cost to that of course, and that will increase the cost per GB overall. However, this is why Shaw charges $37 or $47/month for the High Speed plan. Those costs, as well as others, are built into that price that you pay per month.

However, the simple fact that Shaw would like to charge an overage fee of $2/GB when in fact it costs them 1-3 cents is a markup of approximately 6600%. This is why they can offer the “data packs” which can give you up to 250GB for $50, which is 20 cents/GB. Even this is a significant markup (600%) on something that is as close to free as a gigabyte of data.

So If All This Data Is Free, Why Do They Want to Charge So Much For It?

I’ve heard many arguments for UBB that bandwidth is limited, and that charging for data is a way to solve that. Frankly, that is not true. Bandwidth, by its definition of being how fast a provider can serve that data to you, is limited. This is why Shaw has plans of 1, 7.5, 15, 50, and in some areas 100Mbps. That is the physical size of the “pipe” that Shaw is providing to you, and that is what is scarce. There is no scarcity on the actual amount of data that can be transferred to you. The only limiting factor is how fast you can actually get it. The cost for an ISP to provide you with 5GB of data is, in the grand scheme of things, virtually identical to how much it would cost them to provide you with 500GB of data. It doesn’t matter whether it takes a 1 hour, 1 week, or 1 month to transfer that data to you; the actual cost of the data is the same. The real cost is in how fast they can actually get that data to you.

Shaw, and many other providers would have the general public believe that the internet should be treated like utilities such as water. They say that it costs money to build the pipe to deliver the product to the user, but also for the actual product they deliver. If an area needs more water, they have to build a bigger pipe to carry more water, and there is a cost to that. This makes sense, since water is a scarce resource, and there is a finite amount of it in the world. However, this argument does not quite work for the internet. While actually building the “pipe” and expanding it from time to time does cost money, the cost of actually moving data through that pipe over time is negligible. Data, or “bits” as I like to call them, is not a finite resource, and cannot be treated as such.

The actual data transfer, which is what Bell, Shaw, and Rogers seek to limit and charge overage fees for, is actually the cheapest part of the entire equation on the internet. This is simply another way for these companies to make money where they do not have to raise their basic rates. They don’t even need the majority of their customers to go over the limits, since the current overages that they are charging are so inflated that the profit margin on those 10% of users is massive.

So when many ISP’s tell you that bandwidth is limited, remember two things. First, bandwidth actually is limited. However, in the discussion of UBB, bandwidth has absolutely nothing to do with what your ISP is charging you for overages. While an ISP would like to have you believe that they are the same, in reality, they are trying to take the most plentiful and cheapest part of their ecosystem and pass it off as a much higher cost and limited part.